
The variants share very simple characteristics: a spoofed address, a blank subject and message body, and an .exe attachment, which is randomly named for Bagle-U and called game.exe for Bagle-V.

"There is nothing compelling in the e-mail, literally nothing, to make a user click on the attachment," Ken Dunham, director of malicious code at Reston, Va.-based iDefense, said in a statement. "By simply having just an attachment, Bagle-U has already enticed thousands to open the malicious attachment."

When executed, Bagle-U attempts to open the Microsoft Hearts card game (mshearts.exe) on the target computer to conceal the infection, said Dunham. It then installs itself in the Windows System directory as gigabit.exe. When Bagle-V runs, it copies itself to the system folder, modifies the registry key and attempts to execute Dredr.exe if it is present on the infected computer. Bagle-V avoids sending e-mail messages to addresses that contain the strings @avp and @microsoft. Both variants install a backdoor Trojan horse that communicates on TCP port 4751, and both perform a mass mailing similar to that of previous Bagle worm variants.

"While it's not unusual for there to be a large number of variants to a virus, Bagle has been particularly interesting in the number of variants that have been a significant threat," Chris Kraft, senior security analyst at Sophos, said in a news release. "As with most Bagles, [these] compromise an infected user's confidentiality by opening a backdoor, potentially turning the computer into a zombie for hackers to use."
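The message traits described above (blank subject, blank body, a single .exe attachment) can be checked mechanically at a mail gateway. The following is an added example, not code from the article or from the vendors quoted in it; the function names `build_sample` and `bagle_uv_shape`, the addresses and the sample messages are constructed for illustration, and the check does not test for sender spoofing.

```python
import email
from email import policy
from typing import Optional

def build_sample(subject: str, body: str, attachment: str) -> bytes:
    """Constructed test message (not a captured sample); the payload is inert text."""
    return (
        "From: sender@example.com\r\n"
        "To: user@example.org\r\n"
        f"Subject: {subject}\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="XB"\r\n'
        "\r\n"
        "--XB\r\n"
        "Content-Type: text/plain; charset=us-ascii\r\n"
        "\r\n"
        f"{body}\r\n"
        "--XB\r\n"
        "Content-Type: application/octet-stream\r\n"
        f'Content-Disposition: attachment; filename="{attachment}"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        "\r\n"
        "Y29uc3RydWN0ZWQ=\r\n"
        "--XB--\r\n"
    ).encode("ascii")

def bagle_uv_shape(raw: bytes) -> Optional[str]:
    """Return the attachment name if the message has a blank subject, a blank
    body and exactly one attachment ending in .exe; otherwise return None."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg["Subject"] or "").strip():
        return None
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and body.get_content().strip():
        return None
    # walk() also covers a message whose only part is the attachment itself
    names = [p.get_filename().lower() for p in msg.walk() if p.get_filename()]
    if len(names) == 1 and names[0].endswith(".exe"):
        return names[0]
    return None

if __name__ == "__main__":
    # Constructed cases: two that match the described shape, one ordinary message
    for args in [("", "", "game.exe"), ("", "", "kqzvhw.exe"),
                 ("Q2 report", "See attached.", "report.pdf")]:
        print(args, "->", bagle_uv_shape(build_sample(*args)))
```

A match only says the message has the shape the article describes; quarantining on it and scanning the attachment separately is the conservative use.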
